[Swan] update on hidetos=, overridemtu= and fragicmp=

Paul Wouters paul at nohats.ca
Fri Jun 28 00:49:40 EEST 2013


On Thu, 20 Jun 2013, Paul Wouters wrote:

> Okay, then I will fix these options by adding support for them in

While re-adding support for fragicmp and hidetos I noticed that contrary
to the man page entries, both of these options were not set.

KLIPS initialises them to 0, and in the openswan days, _realsetup was
supposed to pass these options to _startklips, but at least since
openswan 2.0.0 (and possibly openswan 1.x) this was no longer happening.

I've left fragicmp this way, meaning it now defaults to not sending
ICMPs when fragmentation is needed, as we have been doing that for many
years apparently. I've re-added support to _stackmanager to enable this
when adding fragicmp=yes, and changed the man page to reflect reality.

The same is true for hidetos, but here I have changed the default in
KLIPS itself to be enabled, and re-added support to disable it to
_stackmanager via hidetos=no.

I've also re-added overridemtu=. It will change all ipsecX/mastX
interfaces to the specified mtu.

Paul

